Entities allowed between slashes on a protocol relative URL

You can place whitespace between slashes, this vector finds out what entities you can place in between them.

Created by: hackvertor

Created on: Saturday, July 6, 2024 at 10:33:43 AM

Updated on: Saturday, November 30, 2024 at 4:17:32 AM

Vector type: JS

Vector charset: UTF-8

Code used before fuzz:
const div = document.createElement('div')

Template used:

div.innerHTML='<a href="/$[data1]/example.com">';
if(div.querySelector('a').host === 'example.com') {
   log('$[data1]');
}

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

div.innerHTML='<a href="/&bsol;/example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&bsol;');
}

div.innerHTML='<a href="/&NewLine;/example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NewLine;');
}

div.innerHTML='<a href="/&sol;/example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&sol;');
}

div.innerHTML='<a href="/&Tab;/example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&Tab;');
}

Safari 17.5 mobile iOS 17.5.1

Updated

Sat Jul 06 2024

Found 4 results

Show differences only?

Filter out alphanumeric

Sort ascending

Chrome 126.0.0.0 desktop macOS 10.15.7

Updated

Sat Jul 06 2024

Found 4 results

Show differences only?

Filter out alphanumeric

Sort ascending

Firefox 127.0 desktop macOS 10.15

Updated

Sat Jul 06 2024

Found 4 results

Show differences only?

Filter out alphanumeric

Sort ascending